US11727110B2ActiveUtilityA1

Verifying stack pointer

61
Assignee: ADVANCED RISC MACH LTDPriority: Oct 8, 2018Filed: Sep 3, 2019Granted: Aug 15, 2023
Est. expiryOct 8, 2038(~12.3 yrs left)· nominal 20-yr term from priority
G06F 21/64G06F 9/4812G06F 21/556G06F 12/1491G06F 9/468G06F 21/554G06F 12/1458G06F 9/3861G06F 21/54G06F 9/30101G06F 21/74G06F 21/52G06F 2209/481G06F 9/30076G06F 9/30189
61
PatentIndex Score
0
Cited by
16
References
21
Claims

Abstract

An apparatus comprises: processing circuitry to perform data processing in one of a plurality of security domains including at least a secure domain and a less secure domain, and memory access checking circuitry to check whether a memory access is allowed depending on security attribute data indicating which domain is associated with a target address. In response to a given change of program flow from processing in the less secure domain to a target instruction having an address associated with the secure domain: a fault is triggered when the target instruction is an instruction other than a gateway instruction indicating a valid entry point to the secure domain. When the target instruction is said gateway instruction, a stack pointer verifying action is triggered to verify whether it is safe to use a selected stack pointer stored in a selected stack pointer register.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. An apparatus comprising:
 processing circuitry to perform data processing in one of a plurality of security domains including at least a secure domain and a less secure domain; 
 memory access checking circuitry to check whether a memory access is allowed depending on security attribute data indicative of which of the plurality of security domains is associated with a target address of the memory access; and 
 at least one stack pointer register to store a stack pointer indicative of a stack data structure in memory; in which: 
 in response to a given change of program flow from processing in the less secure domain to a target instruction having an instruction address associated with the secure domain:
 when the target instruction is an instruction other than a gateway instruction indicative of a valid entry point to the secure domain, the processing circuitry configured to trigger a fault; and 
 when the target instruction is said gateway instruction, the processing circuitry is configured to trigger a stack pointer verifying action to verify whether it is safe to use a selected stack pointer stored in a selected stack pointer register; 
 
 in response to said given change of program flow, when the target instruction is the gateway instruction, the processing circuitry is configured to perform re-entrancy checking in response to the gateway instruction; 
 the re-entrancy checking comprising triggering a fault when a value loaded from an address derived from the selected stack pointer is at least one integrity signature value. 
 
     
     
       2. The apparatus according to  claim 1 , in which said stack pointer verifying action comprises triggering a permissions check to check whether a load request, which requests loading of a value from the address derived from the selected stack pointer stored in the selected stack pointer register, would be permitted. 
     
     
       3. The apparatus according to  claim 2 , in which the processing circuitry is configured to operate at one of a plurality of privilege levels; and
 the memory access checking circuitry is configured to trigger a fault if a selected set of access permissions applicable to the target address specify that a selected privilege level is prohibited from accessing the target address. 
 
     
     
       4. The apparatus according to  claim 3 , in which:
 the processing circuitry is configured to perform data processing in one of a plurality of modes of operation; and 
 said selected privilege level comprises a privilege level associated with processing in a combination of the secure domain and a current mode of operation of the processing circuitry at a time of said given change of program flow. 
 
     
     
       5. The apparatus according to  claim 3 , in which said selected set of access permissions comprises a set of access permissions applicable to the target address when a current domain of the processing circuitry is the secure domain. 
     
     
       6. The apparatus according to  claim 2 , in which said target address equals the selected stack pointer. 
     
     
       7. The apparatus according to  claim 1 , in which in response to said given change of program flow, when the target instruction is the gateway instruction:
 the processing circuitry is configured to determine whether or not to perform the re-entrancy checking in response to the gateway instruction based on a re-entrancy checking enable value specifying whether the re-entrancy checking is enabled or disabled. 
 
     
     
       8. The apparatus according to  claim 1 , in which in response to said given change of program flow, when the target instruction is the gateway instruction:
 the processing circuitry is configured to trigger said permissions check for the address derived from the selected stack pointer even when the re-entrancy checking enable value specifies that re-entrancy checking is disabled. 
 
     
     
       9. The apparatus according to  claim 1 , comprising exception control circuitry responsive to an exception condition to perform one of a plurality of exception entry transitions selected based at least on a current security domain of the processing circuitry, where for at least a subset of the plurality of exception entry transitions, the exception control circuitry is configured to trigger saving of a stack frame including said integrity signature value to a stack data structure identified by the stack pointer stored in said at least one stack pointer register. 
     
     
       10. The apparatus according to  claim 1 , comprising exception control circuitry responsive to an exception return condition to perform one of a plurality of exception return transitions selected based at least on a security domain associated with the exception return condition, where for at least a subset of the plurality of exception return transitions, the exception control circuitry is configured to perform integrity signature checking comprising accessing a stack frame from a given stack data structure selected for that exception return transition and triggering a fault when a mismatch is detected between the value at a predetermined position in the accessed stack frame and said at integrity signature value. 
     
     
       11. The apparatus according to  claim 1 , in which the re-entrancy checking also comprises triggering a fault when a stack pointer selection value, for determining which stack pointer register to use for stacking or unstacking architectural state, has a predetermined value. 
     
     
       12. The apparatus according to  claim 11 , in which:
 within a given security domain, the processing circuitry is configured to perform data processing in one of a plurality of modes, including a handler mode for exception processing and a thread mode for background processing; 
 the apparatus comprises exception control circuitry responsive to an exception condition to trigger storage of architectural state data to:
 a process stack data structure identified by a stack pointer stored in a process stack pointer register when the exception condition occurs in the thread mode and the stack pointer selection value has a first value; and 
 a main stack data structure identified by a stack pointer stored in a main stack pointer register when the exception condition occurs in the thread mode and the stack pointer selection value has a second value; and 
 
 said predetermined value comprises the second value. 
 
     
     
       13. The apparatus according to  claim 12 , in which in response to at least one secure thread mode to secure handler mode exception entry transition, the exception control circuitry is configured to update the stack pointer selection value to the second value. 
     
     
       14. The apparatus according to  claim 1 , in which in response to a change of program flow from processing in the secure domain to a gateway instruction having an instruction address associated with the secure domain, the processing circuitry is configured to omit the re-entrancy checking. 
     
     
       15. The apparatus according to  claim 1 , in which within a given security domain, the processing circuitry is configured to perform data processing in one of a plurality of modes, including a handler mode for exception processing and a thread mode for background processing;
 the apparatus comprises exception control circuitry responsive to an exception condition to trigger storage of architectural state data to:
 a process stack data structure identified by a stack pointer stored in a process stack pointer register when the exception condition occurs in the thread mode and a stack pointer selection value has a first value; and 
 a main stack data structure identified by a stack pointer stored in a main stack pointer register when the exception condition occurs in the thread mode and the stack pointer selection value has a second value; and 
 
 said stack pointer verifying action comprises triggering a fault when the stack pointer selection value has the second value. 
 
     
     
       16. The apparatus according to  claim 1 , in which in response to said given change of program flow, when the target instruction is the gateway instruction and at least one security check performed in response to the gateway instruction is passed, the processing circuitry is configured to trigger a switch of a current security domain from the less secure domain to the secure domain. 
     
     
       17. The apparatus according to  claim 1 , in which:
 in response to said given change of control flow, when the target instruction is said gateway instruction, the processing circuitry is configured to trigger said stack pointer verifying action at least when said processing circuitry is in a predetermined mode of operation. 
 
     
     
       18. The apparatus according to  claim 17 , in which within a given security domain, the processing circuitry is configured to perform data processing in one of a plurality of modes, including a handler mode for exception processing and a thread mode for background processing; and
 said predetermined mode of operation comprises the thread mode. 
 
     
     
       19. The apparatus according to  claim 17 , in response to said given change of control flow, when the target instruction is said gateway instruction, the processing circuitry is configured to omit said stack pointer verifying action when said processing circuitry is in a mode of operation other than said predetermined mode of operation. 
     
     
       20. A data processing method for processing circuitry capable of performing data processing in one of a plurality of security domains including at least a secure domain and a less secure domain, for which checking of whether a memory access is allowed is dependent on security attribute data indicative of which of the plurality of security domains is associated with a target address of the memory access, the method comprising:
 in response to a given change of program flow from processing in the less secure domain to a target instruction having an instruction address associated with the secure domain:
 determining whether the target instruction is a gateway instruction indicative of a valid entry point to the secure domain; 
 in response to the target instruction being an instruction other than said gateway instruction, triggering a fault; and 
 in response to said given change of program flow and the target instruction being said gateway instruction, triggering a stack pointer verifying action to verify whether it is safe to use a selected stack pointer stored in a selected stack pointer register and performing re-entrancy checking in response to the gateway instruction, 
 
 the re-entrancy checking comprising triggering a fault in response to a value loaded from an address derived from the selected stack pointer being at least one integrity signature value. 
 
     
     
       21. A non-transitory computer-readable storage medium storing a computer program for controlling a host data processing apparatus to provide an instruction execution environment for execution of instructions; the computer program comprising:
 processing program logic to support data processing in one of a plurality of security domains including at least a secure domain and a less secure domain; 
 memory access checking program logic to check whether a memory access is allowed depending on security attribute data indicative of which of the plurality of security domains is associated with a target address of the memory access; and 
 register emulating program logic to control access to a memory of the host data processing apparatus to simulate accesses to simulated architectural registers of a target architecture simulated by the computer program, said simulated architectural registers comprising at least one stack pointer register for storing a stack pointer indicative of a stack data structure in memory; in which: 
 in response to a given change of program flow from processing in the less secure domain to a target instruction having an instruction address associated with the secure domain:
 when the target instruction is an instruction other than a gateway instruction indicative of a valid entry point to the secure domain, the processing program logic is configured to trigger a fault; and 
 when the target instruction is said gateway instruction, the processing program logic is configured to trigger a stack pointer verifying action to verify whether it is safe to use a selected stack pointer associated with a selected stack pointer register of said simulated architectural registers; and 
 
 in response to said given change of program flow, when the target instruction is the gateway instruction, the processing circuitry is configured to perform re-entrancy checking in response to the gateway instruction, 
 the re-entrancy checking comprising triggering a fault when a value loaded from an address derived from the selected stack pointer is at least one integrity signature value.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.